The ACSC had a busy first half of 2018 executing across all three of our primary focus areas - collaborative defense, workforce development, and public policy. Our members are active and involved in our workshops, forums and research and contribute critical and compelling insights to our monthly meetings. This information sharing with peers and across multiple sectors provides significant value to our members, particularly through the opportunities discussed below.

The Advanced Cyber Security Center (ACSC) today announced the results of a cyber security public opinion survey that finds Massachusetts residents deeply concerned over privacy and the control of their personal data. Titled “Cyber Security Post Equifax: Perceptions and Priorities from Massachusetts Residents,” the study examines public opinion on consumer and privacy matters related to cyber security.

The ACSC was invited to speak at the recent HIMSS Healthcare Security Forum (Boston, Sept. 11-13), the only peer-to-peer networking event focused on healthcare’s unique privacy and security challenges and threats. ACSC Executive Director Michael Figueroa took to the stage for a session titled “Getting Past Blame, offering a community strategy for hacking security.”

The 2017 Advanced Cyber Security Center (ACSC) Annual Conference will take place from 8:00 am to 5:30 pm on Thursday, November 2, at the Federal Reserve Bank of Boston. The event brings together more than 200 executives and experts from the region’s industry, investor, university, and government organizations to address best practices for combatting the most advanced cyber threats.

While Edward Snowden's leaks damaged US national security, the disclosures also led to crucial surveillance reforms. A pardon would signal to the world the US has learned from its mistakes and respects internet freedom, privacy, and human rights.

Cybersecurity budgeting should start with a holistic and comprehensive risk assessment. Once all threats and vulnerabilities are listed and prioritized, companies can proceed to a properly managed RFP to select the right security controls. A security control shall assure appropriate, efficient and continuous risk mitigation in accordance with corporate risk strategy and risk appetite. However, in reality things happen in a much different and less effective way.

Cyberattacks on the country’s largest banks, from JPMorgan Chase & Co. to Bank of America Corp., grab the headlines. But the Federal Reserve Bank of Boston and other regulators worry that smaller banks, with less robust cybersecurity, provide easier targets for criminals, terrorists, and foreign states seeking to infiltrate the US financial system.

Exelon Corp. and other major U.S. power producers are in discussions with regulators and stakeholders on a detailed plan for preventing and responding to cyberattacks designed to disrupt the country’s electric system.

BlackBerry is not the smartphone powerhouse it used to be, but it’s been making a concerted effort to hold on to its position as a go-to place for enterprise customers, specifically in highly secure environments. As part of that strategy, today the company announced that it has acquired Encription Ltd, a cybersecurity consultancy that delivers services globally but operates “from a secure location in Worcestershire” in the UK.

More than 1.3 million Massachusetts residents had personal information compromised last year by cybercriminals, careless workers, and old-fashioned crooks, a fourfold increase from 2014 and the most since the state began tracking data breaches in 2007.

With cybersecurity becoming a topic of ever-increasing visibility and importance, information security professionals ask what protection they have when they make potentially unpopular disclosures of cybersecurity issues.

These questions originally appeared on Quora - the knowledge sharing network where compelling questions are answered by people with unique insights. Answers by Ed Felten, Deputy U.S. Chief Technology Officer, on Quora.

Through two executive orders signed Tuesday, President Obama put in place a structure to fortify the government's defenses against cyber attacks and protect the personal information the government keeps about its citizens.

That “giant sucking sound” that can be heard is the tangled monster of data security and privacy issues pulling “all lawyers with expertise” into its grip, Juliet M. Hanna, associate general counsel at Fannie Mae, told attendees of the LegalTech conference in New York Tuesday.

The U.S. Food and Drug Administration today issued a draft guidance outlining important steps medical device manufacturers should take to continually address cybersecurity risks to keep patients safe and better protect the public health. From 1/15/16

It’s old news by now that Republican presidential candidate Ben Carson—despite his medical degree—has a tenuous relationship with science. So I didn’t exactly have great expectations for his campaign’s cybersecurity plan, modestly titled “Prescription for Winning the 21st Century Cyberspace Race.” To be honest, I wasn’t expecting a dedicated cybersecurity plan at all, much less an op-ed dedicated to the topic by Carson in Re/code this week.

Brown University’s School of Professional Studies announces a new 16-month program leading to an Executive Master in Cybersecurity degree. Enrollment is underway for the fall session of the new degree program, created for individuals with five to 15 years of managerial experience and responsibility for information security.

Cybersecurity is one of the hottest fields in technology. And that means there’s plenty of competition for bright young people with the right skills.
Government agencies are trying to improve their recruitment of these in-demand graduates by bankrolling scholarships for digital security students, including a new program at UMass Amherst.
The $4.2 million grant-funded initiative will help train up to 28 students in cybersecurity at the school for two years each, beginning this fall.

President Barack Obama is set to sign the most substantial piece of cybersecurity legislation in years, after an intense sprint of 24/7 negotiations managed to get the bill ready in time to be attached to the government spending measure the House and Senate approved Friday.

A number of former senior national security officials are urging that the government embrace the move to strong encryption by tech companies — even if it means law enforcement will be unable to monitor some phone calls and text messages in terrorism and criminal investigations.

Twitter has begun notifying account holders who the company believes are being targeted by state-sponsored hackers, following in the footsteps of Google and Facebook as government-hired cyber spies continue to set their sights on social media.

Though often discussed in highly technical terms, cybersecurity and safeguarding patient data are arguably more human-centric than anything. The root cause of breaches is usually human error — an employee who falls for a phishing scam or shares a password, for example. Research from IBM shows 95 percent of all security incidents involve human error.

In the wake of terrorist attacks in California and Paris, Sens. Dianne Feinstein and Richard Burr are reviving a controversial proposal requiring social media sites report terrorist activity to federal authorities.

Even as employers added 211,000 jobs in November, prospective employees still have trouble finding jobs — unless you work in cybersecurity. That is one field where the demand for workers routinely outpaces applicants.

A proposed law meant to encourage companies to share information about cyberthreats with the U.S. government includes measures that could significantly limit what details, if any, the public can review about the program through federal and state public records laws.

THE VAST stores of digital information generated by everyday lives—communications data, CCTV footage, credit-card records and much more—are now yielding invaluable clues about the terrorist attacks in Paris and are helping guide the hunt for the surviving plotters. But prevention is better than cure. The attacks have highlighted the failure of the authorities to share information across borders and agencies. How can this be improved?

Cybersecurity company iSight has discovered a new malware virus that is able to entrench itself so deeply into point-of-sale systems that it will be overlooked by most antivirus software. The firm states that the new form of attack is the most advanced that it has ever seen.

With the ongoing and seemingly never-ending flood of cyberattacks, companies and governments the world over need experienced, skilled professionals to protect, defend, and strike back. But how do you get into the lucrative cybersecurity career? David Gewirtz has some advice.

The State Department is not meeting federal information security requirements, potentially endangering the sensitive data it protects, according to an audit commissioned by the agency’s inspector general.

Although cybersecurity has become a more prominent issue for executives and boards of directors, three recent benchmark surveys − the BDO Board Survey, the 2015 Consero Group’s General Counsel Data Survey, and the 2015 US State of Cybercrime Survey − indicate that a number of cyber-preparedness gaps remain.

New York regulators are considering a host of cybersecurity requirements for banks and insurers and urged other state and federal authorities to collaborate on establishing a framework of defenses for the financial sector.

The Going Dark encryption debate surfaced again on Wednesday at a small security conference here, and as in previous iterations before larger technical audiences and even Congress, the issue continues to spin on a hamster wheel going nowhere.

Cybersecurity has been at the forefront of the news for several years. Coverage of the space usually focuses on a breach at a consumer-facing company, resulting in people’s credit cards, bank and personal records being stolen.

While an increasing number of companies have a basic data breach response plan in place, many plans do not cover important steps and executives lack confidence in their ability to manage a major breach, according to a new study.

The White House announced plans on Friday to modernize the federal government's out-of-date cybersecurity practices. Work has been underway for much of the Obama administration, but the Office of Personnel Management hack reported in June must have made it abundantly clear that things weren't progressing fast enough.

It took more than four years for the Senate to pass a cybersecurity bill. As the legislation grew stale amid compromise and contention on the Senate floor over the years, hackers continued to refine their criminal craft and develop more sophisticated methods of attack.

Over the past few years, the federal government and big corporations, including Sony and Target, have been hit by massive data breaches, a chilling reminder of the severity and scope of cybersecurity threats.

Many companies need technology upgrades but are "starving" for the cash necessary to upgrade critical systems. That's the message from the author of a new study sponsored by the Georgia Tech Information Security Center.

The U.S. Senate on Tuesday began debating a long-delayed bill that would make it easier for corporations to share information about cyber attacks with each other or the government without concern about lawsuits.

In honor of October's designation as National Cybersecurity Awareness Month, the U.S. Small Business Administration (SBA) has unveiled a new Web page dedicated to promoting cybersecurity for small businesses.

Some federally managed university education programs focused on cybersecurity cannot, in their current state, address the skills gap for operational cyber defense talent in the federal government, according to a report.

The administration has been pushing agencies to include more cybersecurity language in contracts, specifically in citing control standards like those advanced by the National Institute of Standards and Technology.

According to the report, government can do more to explain and streamline different programs and scholarships available to students who want cyber skills.

Tuesday, the Department of Homeland Security (DHS) Cybersecurity Strategy Act of 2015 (HR 3510) passed the House of Representatives which would direct the Secretary of the Department of Homeland Security to develop a departmental strategy to carry out cybersecurity responsibilities as set forth in law.

The Senate is expected to take up a bipartisan cybersecurity bill later this month aimed at thwarting more massive hack attacks against the federal government and American companies, the bill's lead sponsors announced Tuesday.

A U.S. Government Accountability Office report released Tuesday revealed that federal agencies are struggling to implement effective cybersecurity measures and policies, a notion that will surprise few.

Top officials from the Defense Department and the intelligence community told a Senate panel that defense and deterrence are two of the highest priorities for bolstering the nation’s cybersecurity capabilities. Deputy Defense Secretary Bob Work testified on cybersecurity policy and threats before the Senate Armed Services Committee, Sept. 29, 2015. Joining him were Director of National Intelligence James R. Clapper and Navy Adm. Mike Rogers, commander of U.S. Cyber Command and director of the National Security Agency.

Today, President Obama, appearing with Chinese President Xi Jinping, announced that the United States and China had reached an agreement to curb "cyber-enabled theft of intellectual property" between the two countries.

FireEye (FEYE), Palo Alto Networks (PANW) and Cyberark Software (CYBR) are all providers of advanced cybersecurity products. While each company provides a vast array of services, each company also has a niche that defines it.

Efforts to craft legislation that would promote sharing cyberthreat information between the private sector and government – without jeopardizing privacy, civil liberties and leaving organizations vulnerable to liability – aren’t there yet, according to critics.

The Securities and Exchange Commission (SEC) settled charges Tuesday with an investment adviser that allegedly failed to properly protect its clients’ data in what might be a first-of-its-kind enforcement action.

With data breaches becoming an unfortunate everyday occurrence, cybersecurity is no longer just an IT issue. Legal departments, which have a need to protect sensitive information, such as employees’ and clients’ personally identifiable information and nonpublic corporate information, are increasingly becoming involved in data security issues as the universe of risk exposure expands.

On the 14th anniversary of 9/11/01, there are plenty of reasons to be thankful regarding public safety in America. And yet, there is also a growing list of cyber threats that are grabbing news headlines.

If Congress succeeds in pushing through CISA, neither the bill in its current form – nor any of the amendments – will do much to increase the effectiveness or timeliness of cybersecurity information sharing.

Earlier this month, the U.S. General Services Administration (GSA) issued a Request for Information (RFI) soliciting feedback from industry on ways to improve the sale of Cybersecurity and Information Assurance (CyberIA) products and services through GSA’s multi-billion dollar Information Technology (IT) Schedule 70.

After a brief but heated battle, senators packed up for summer recess early this month without voting on a key cybersecurity bill. In announcing that the bill's consideration would be delayed, Majority Leader Mitch McConnell lined up 22 amendments that will get a vote when the bill comes up again in the fall, a product of intense negotiations over the bill's fate.

The latest research from MarketResearch.com forecasts the global cybersecurity market to jump from $106.32 billion in 2015 to $170.21 billion by 2020.

Recently, the Internal Revenue Service revealed the data breach that happened in May via the agency’s “Get Transcript” program affected three times as many users as originally reported -- 334,000 accounts in all.

Federal agencies are increasingly engaged in cybersecurity issues and understand they have something to protect, said the White House's cybersecurity czar, but he added that most agencies, like their private-sector counterparts, are not protecting themselves as well as they should.

As we continue down the path toward complete connectivity — in which all devices, appliances and networks connect to each other and the Internet — it is evident that much of our longstanding technology can no longer keep up.

Department of Homeland Security Secretary Jeh Johnson on Wednesday reaffirmed his goal to make the latest version of a cybersecurity intrusion detection and prevention platform -- known as EINSTEIN 3A -- available to all federal civilian agencies by the end of 2015.

This summer, approximately 1,300 middle and high school students plus a number of K-12 teachers will attend cybersecurity camps at universities in 18 states, learning about online threats, basic cyber defenses and the ethics of operating in the virtual world.

U.S. banking regulators must hire and train more examiners with technology expertise so they can give more useful cyber security recommendations to small and mid-sized banks, a federal watchdog agency has warned.

Cybersecurity and healthcare IT are both burgeoning areas of business. Put them together and you have a volatile mix of emerging technologies, security and privacy risks, and regulatory requirements—but also a lot of opportunity for growth and improvements.

Most corporate cybersecurity efforts happen outside the official security department, says James Kaplan, a partner at McKinsey & Co. and co-author of “Beyond Cybersecurity: Protecting Your Digital Business.” Critical cybersecurity work touches all areas of a company, including risk management and application development, Mr. Kaplan said. He stopped by The Wall Street Journal’s office to discuss the current state of cybersecurity and how it can be more effective.

It is up to the United States to create conditions to resume regular talks on cyber security, China's foreign ministry said on Tuesday, as the two countries began three days of high-level meetings in Washington.

The massive breach of Office of Personnel Management systems that compromised the personal data of millions of Americans is still making headlines. But behind those headlines is a much bigger story about the government's systematic failure to protect itself from cybersecurity risks that have expanded at an alarming rate.

Most organizations are involved in a cyclical process of enhancing their cybersecurity posture focused around their sensitive data and processes. While enhancement involves roadmaps and milestones, a key element should also be evaluating your cybersecurity people, processes, and technology with the purpose of making transitional changes from a current state to a more secure future state.

As news of the full scope of the breach of Office of Management and Budget systems emerges, Federal CIO Tony Scott launched a government-wide Cybersecurity Sprint on June 12, giving agencies 30 days to shore up their systems.

On the heels of a vast breach of the personal information of federal employees, the Senate failed Thursday to advance a cybersecurity measure, the third time in three years that a bipartisan effort to tackle the problem has fallen victim to procedural actions.

Kaspersky Lab said it believed the attack was designed to spy on its newest technologies.
It said the intrusion involved up to three previously unknown techniques.
The Russian firm added that it was continuing to carry out checks, but believed it had detected the intrusion at an early stage.
Although it acknowledged that the attackers had managed to access some of its files, it said that the data it had seen was "in no way critical to the operation" of its products.

Senate Majority Leader Mitch McConnell is firing back at Senate Democrats’ procedural threats — by daring them to oppose a cybersecurity bill just days after a massive attack on the federal government’s computer systems was revealed.
On Tuesday, McConnell announced his strategy to link the cybersecurity measure to a sweeping defense policy bill that’s now on the Senate floor. That could make it harder for Democrats to oppose the underlying bill, which they say uses a budget gimmick to boost defense funding.

The U.S. government has long known about its cybersecurity vulnerabilities, and the problem is only getting worse, President Barack Obama said Monday.
"We have known for a long time that there are significant vulnerabilities, and that these vulnerabilities are going to accelerate as time goes by, both in systems within government and within the private sector," Obama said at news conference from the Group of Seven summit in Germany.

In 2011, two Dutch hackers in their early 20s made a target list of 100 high-tech companies they would try to hack. They found security vulnerabilities in Facebook, Google, Apple, Microsoft, Twitter, and 95 other companies’ systems.
They called their list the Hack 100.
When they alerted executives of those companies, about a third ignored them. Another third thanked them, curtly, but never fixed the flaws, while the rest raced to solve their issues. Thankfully for the young hackers, no one called the police.

Hackers based in China are believed to be behind a massive data breach that could have compromised the personal data of at least 4 million current and former federal employees, U.S. officials said late Thursday.

Earlier this year, Highland Capital announced that in addition to hosting its competitive Summer@Highland accelerator in San Francisco this summer, it would also partner with a pair of MIT PhD students to launch a pilot accelerator in its Cambridge office specializing in cybersecurity startups. The program, Cybersecurity Factory, is being organized by Jean Yang and Frank Wang, and has just announced the two winning teams, both of which are Boston-based companies working on cloud encryption technology.

It's finally over. The Senate on Tuesday sent legislation reforming the nation's surveillance laws to President Obama's desk. The 67-32 vote for the USA Freedom Act came more than 36 hours after three parts of the Patriot Act expired, forcing the National Security Agency (NSA) to wind down its bulk collection of U.S. phone data. The bill will essentially end the phone data collection program altogether.

It's now been almost two years since the Defense Department issued a final rule requiring contractors to inform the government when their systems have been involved in cybersecurity breaches and that government technical data has been stolen.

China will prepare a five-year cybersecurity plan to protect state secrets and data, the official China Daily said on Thursday, citing a senior official of the Ministry of Industry and Information Technology.

A string of high-profile hacks — the most recent on President Obama’s personal email account — have made cybercrime an ever-growing concern in the United States. Despite the publicity, most people still think of hacking as something which is done only to information systems like computers and mobile devices. In reality, hacking is no longer confined to the information world. The level of automation in modern physical systems means that even everyday automobiles are now vulnerable to hacking.

The discovery of computer bugs can be marketing boons for cybersecurity firms. But one critic says the industry should take a page from the health profession and select names for flaws that aren't designed to stoke fear or generate buzz.

On April 28, 2015, the staff of the Division of Investment Management of the SEC published a Guidance Update addressing cybersecurity risks and the need for funds and advisers to protect confidential and sensitive information concerning fund investors and advisory clients.

IEEE, the world's largest professional organization dedicated to advancing technology for humanity, today announced the release of Building Code for Medical Device Software Security, a set of guidelines to help companies establish a secure baseline for software development and production practices of medical devices. Authored by leading security research scientists Tom Haigh and Carl Landwehr, Building Code for Medical Device Software Security provides the blueprint to reduce or eliminate vulnerabilities that adversaries can exploit to gain access to medical devices.

Men have long dominated the technology industry and the Cybersecurity Competition Federation (CyberFed) seeks to close that gender gap. To educate and inspire women to participate in cybersecurity competitions, CyberFed produces The CyberFed Show to showcase more women in the cybersecurity sector.

The rhetorical spiral of mistrust in the Sino-American relationship threatens to undermine the mutual benefits of the information revolution. Fears about the paralysis of the United States' digital infrastructure or the hemorrhage of its competitive advantage are exaggerated.
Policymakers in the United States often portray China as posing a serious cybersecurity threat. In 2013 U.S. National Security Adviser Tom Donilon stated that Chinese cyber intrusions not only endanger national security but also threaten U.S. firms with the loss of competitive advantage.

Cybersecurity has become a big deal. Corporations have begun to worry about cybersecurity risks. In response, some major law firms have recently established or significantly bolstered practice groups in cybersecurity law.
If you look closely, though, there isn’t much clarity about what ‘cybersecurity law’ actually means. In this post, I thought I would explain what I think of as the field of cybersecurity law.

As big businesses spend millions of dollars to plug holes in their technology and block cyber criminals from databases of private consumer information, hackers are increasingly targeting a different weakness: employees.
They are sending official-looking e-mails to large health systems, banks, retailers, and vendors to try to trick employees into giving up passwords or other credentials. Armed with employee passwords, criminals can access mines of sensitive information and use it to steal identities and commit fraud.
That is how data from about 3,300 patients was breached last year at Partners HealthCare. Several employees responded to so-called phishing e-mails and mistakenly allowed access to patient names, addresses, health insurance information, and Social Security numbers.
It turns out that tricking an employee to give up a password is easier than hacking, cyber-security specialists said.

They're now CISOs, security officials in DHS and the NSA, researchers, and key players in security -- but women remain a mere 10% of the industry population.
It's a perplexing -- and sometimes annoying -- question nearly every female information security professional hears over and over again: why are there still so few women in their field?
Just 10% of information security pros worldwide are women today, according to the latest data from (ISC)2, despite the fact that women are getting more high-profile roles in the industry and that there are job opportunities aplenty. It's a reality that confounds and frustrates many women in the industry, who today represent a mix of researchers, chief information security officers, executives, and top government cyber security leaders.

“Spooky action at a distance” is how Albert Einstein described one of the key principles of quantum mechanics: entanglement. Entanglement occurs when two particles become related such that they can coordinate their properties instantly even across a galaxy. Think of wormholes in space or Star Trek transporters that beam atoms to distant locations. Quantum mechanics posits other spooky things too: particles with a mysterious property called superposition, which allows them to have a value of one and zero at the same time; and particles’ ability to tunnel through barriers as if they were walking through a wall.

The Department of Defense has just issued a new cyber strategy, which perhaps provides the best public presentation of how the United States thinks about cybersecurity. As always with these documents, what is left out is as important as what is put in. So how has U.S. strategic thinking about cybersecurity changed in the post-Snowden era?

Last week I wrote two blogs about cybersecurity, critical infrastructure organizations, and the US government.
In the first blog, I mentioned some ESG research stating that 76% of cybersecurity professionals working at critical infrastructure organizations were somewhat or very unclear about the US government’s cybersecurity strategy (note: I am an ESG employee). In spite of this confusion, 83% of these same cybersecurity pros want to see the feds become more active with cybersecurity programs and defenses.

Cybercriminals are increasingly copying cyberespionage groups in using targeted attacks against their victims instead of large-scale, indiscriminate infection campaigns.
This change in tactics has been observed among those who launch attacks, as well as those who create and sell attack tools on the underground market.
A recent example of such behavior was seen in a cybercriminal attack against vendors of point-of-sale systems that researchers from RSA documented last week.

Everyone – including the experts – makes mistakes when it comes to information security. Whether it’s failing to properly secure your website for customers, or not implementing effective password managers, minor cybersecurity gaps can rapidly evolve into a much more serious security incident.
As security experts from around the globe gather for the annual RSA Conference in San Francisco, Distil Networks has compiled a list of tips and things you should NEVER do.

Over the past year, colleges and universities across the country have received millions in funding from the government and foundations to launch cybersecurity initiatives. The result is a stark change for an industry made up of programmers who have often learned by trial and error.

Obama signed an executive order today authorizing a program of sanctions to battle digital assaults coming from overseas. While the order seems aimed at the Chinese, it might also be the president's most successful tool for thwarting cyberattacks.

One way we can move forward in Massachusetts is in partnership with the Advanced Cyber Security Center, a four-year-old industry, higher education and government consortium that seeks to ensure that Massachusetts has the research and educational strengths it needs to be a global cybersecurity leader.

Every month it seems another American company reports being a victim of a hacking that results in the theft of internal or customer information. But the legal profession almost never publicly discloses a breach.

“We certainly think we have the resources and capabilities to be one of those centers of gravity [in cybersecurity],” Benway says. “We think we are one of the centers of gravity. We do have the right mix of assets and resources to be a national leader in cybersecurity.”

Nagourney’s research was funded by a grant from the National Science Foundation (NSF) and the Advanced Cyber Security Center (ACSC). Her findings were first presented in September 2014 at a Workshop on Cybersecurity Risk Analysis for Enterprises, held at the Sloan School at MIT.

Yet the number of professionals in the field in Massachusetts is not enough to meet the demand, said Charlie Benway, executive director of the Advanced Cyber Security Center, a Bedford nonprofit consortium Mass Insight established in 2011.

Mick Costa, who works in cyber security for the Federal Reserve Bank of Boston, also works with a nonprofit consortium called the Advanced Cyber Security Center of Massachusetts, an outfit that educates businesses and organizations about cyber attacks. Costa spoke to North Shore business leaders Thursday at the North Shore Chamber of Commerce’s business expo, which featured 100 exhibitors at the DoubleTree by Hilton Boston North Shore.

The use of a personal email account by a high-ranking government official has also prompted questions about security. Baker may not be operating his own email server out of his Swampscott home, but on Wednesday in a speech to Mass Insight’s Global Massachusetts 2024 conference the governor highlighted cyber security as a “major challenge” in the digital age.

“The size and scope of the problem has grown dramatically as the threat has increased and as we've seen more high-profile breaches,” says Charlie Benway, executive director of the Advanced Cyber Security Center (ACSC).

Until its advertising software was discovered deep inside Lenovo personal computers two weeks ago, a little company called Superfish had maintained a surprisingly low profile for an outfit once named America’s fastest-growing software start-up.

The “frequency, scale, sophistication, and severity” of cyber attacks against the United States are increasing from “profit-motivated criminals, ideologically motivated hackers or extremists, and variously capable nation states like Russia, China, North Korea, and Iran,” said James Clapper, director of national intelligence, during testimony before the Senate Armed Services Committee on Thursday.

Bob Brennan, CEO of Burlington-based cybersecurity firm Veracode, talks about the state of cyber threats to companies worldwide and locally, and what his company can do to help. Video by Chen Shen, special to the Boston Business Journal.

This week researchers found that newer Lenovo laptops shipped with pre-installed software made by Superfish. The discovery is the latest reminder that our collective security depends on one another more than ever. As the news quickly rippled out, our Threat Infrastructure team at Facebook began performing an analysis of the details. Given our strong belief in the value of openness in security and learning from one another, we summarized some of our findings below to help guide future research on the subject.

As a follow up to our summary of the key takeaways from the White House’s first Summit on Cybersecurity and Consumer Protection, the centerpiece of which was President Obama’s signing of a new Executive Order, “Promoting Private Sector Cybersecurity Information Sharing,” what follows is an analysis of that Order.

Michael Chertoff, who served as secretary of the U.S. Department of Homeland Security from 2005-2009, will deliver the first University of Delaware Cybersecurity Initiative Distinguished Lecture on Feb. 10.

Cybersecurity is another natural opportunity for a research center of excellence. Already a nonprofit consortium, the Advanced Cyber Security Center, has been launched, situated in Bedford, bringing together experts from industry, universities, and government to address cybersecurity threats. In robotics, Massachusetts has a fast-growing cluster, including some of the leading companies in the world.

While legislation can offer liability protection, the need for such protection as an incentive for sharing has been exaggerated. Companies can and do already share confidential threat information under the protection of nondisclosure agreements. The Advanced Cyber Security Center, based in Boston, is one such sharing arrangement. It includes companies like Pfizer, State Street, and RSA/EMC Corporation along with the Federal Reserve Bank of Boston and the Commonwealth of Massachusetts.

President Obama on Monday called for federal legislation intended to force American companies to be more forthcoming when credit card data and other consumer information are lost in an online breach like the kind that hit Sony, Target and Home Depot last year.

2014 was a pivotal year for media coverage of cybersecurity. Pervasive data breaches at major retailers and other institutions garnered consistent headlines across both trade media as well as mainstream press. For its efforts in facing pervasive cyber challenges, ACSC also received positive coverage in 2014 culminating in a Boston Business Journal op-ed piece on cyber resiliency and a feature story in Network World that highlights the ACSC and its direction in 2015.

Rather than throw cybersecurity education funding at Congressional districts, we need to invest strategically in centers of excellence like the Massachusetts-based Advanced Cybersecurity Center which brings together private sector, public sector, and leading academic institutions.

This notion, that "threat actors" are already in, is a paradigm shift in the way sophisticated enterprises approach cybersecurity. To echo this point, this month, the Advanced Cyber Security Center (ACSC) welcomed Michael Chertoff, former secretary of The U.S. Department of Homeland Security and the Executive Chairman of The Chertoff Group to keynote our annual meeting.

The Advanced Cyber Security Center is a three year old organization with a bold mission to “bring together industry, university, and government organizations to address the most advanced cyber threats” and drive cybersecurity R&D in the New England region.

Americans say they are deeply concerned about privacy on the web and their cellphones. They say they do not trust Internet companies or the government to protect it. Yet they keep using the services and handing over their personal information.

A $10-billion-a-year effort to protect sensitive government data, from military secrets to Social Security numbers, is struggling to keep pace with an increasing number of cyberattacks and is unwittingly being undermined by federal employees and contractors.

Two months after it revealed that 56 million of its customers’ debit and credit cards had been compromised, Home Depot yesterday disclosed that hackers also stole 53 million email addresses — information that, coupled with customers’ financial data, could be used to hack their family and friends, as well as banks, businesses and government agencies, one expert said.

Mass Insight and the 3-year-old nonprofit Advanced Cyber Security Center plan a formal launch of the consortium next year. They so far have letters of support from the University of Massachusetts, Northeastern University, MIT Computer Science and Artificial Intelligence Laboratory, State Street Corp., the Federal Reserve Bank of Boston, .406 Ventures and the city of Boston.

Cyber security, to be successful, has to be a “team sport,” former Homeland Security secretary Michael Chertoff told attendees of the Advanced Cyber Security Center (ACSC) Conference at the Federal Reserve Bank of Boston Tuesday morning.

The conference was sponsored by Advanced Cyber Security Center, a Boston-based group of business representatives, government officials, and academics who share information and research about online threats.

Press Release: ACSC welcomes Michael Chertoff, former secretary of the U.S. Department of Homeland Security and Executive Chairman of The Chertoff Group for keynote at the ACSC Annual Conference on November 5, 2014 at the Federal Reserve Bank of Boston.

News roundup: New research shows a dramatic increase in the cost of cybercrime and data breach remediation. Plus: Security as a service popularity surges, Snowden journalist touts the importance of free security software, and more.

A cyberattack this summer on JPMorgan Chase compromised the accounts of 76 million households and seven million small businesses, a tally that dwarfs previous estimates by the bank and puts the intrusion among the largest ever.

A remotely exploitable vulnerability has been discovered by Stephane Chazelas in bash on Linux and it is unpleasant. The vulnerability has the CVE identifier CVE-2014-6271 and has been given the name Shellshock by some. This affects Debian as well as other Linux distributions. You will need to patch ASAP.

Anna Nagurney and Senay Solak from the operations and information management department, Mila Getmansky Sherman of the finance department, and Wayne Burleson from electrical and computer engineering, supported the conference with proceeds from a $40,000 grant from the Advanced Cyber Security Center, a nonprofit consortium based in Bedford.

The event was sponsored through a grant that we received from the Advanced Cyber Security Center (ACSC): Professors Wayne Burleson of the College of Engineering, Mila Sherman of the Finance Department, and Senay Solak, and I of the Department of Operations and Information Management at UMass Amherst.

When the North Atlantic Treaty Organization — NATO — wrapped up its summit in Wales earlier this month, the member-states issued a lengthy communique expressing solidarity on major defense challenges. One of the challenges mentioned was cybersecurity. The alliance stated that “cyber defence is part of NATO’s core task of collective defence,” presenting concerns so severe that they might lead to invocation of Article Five of the North Atlantic Treaty — the article calling on all members to come to the defense of a threatened nation.

The bulk of mobile applications (75 percent) will fail basic security tests over the next 15 months or so – through the end of 2015 – leaving businesses vulnerable to attack and violations of their security policies, according to a report from Gartner.

The information technology sector has boomed for a number of years now, creating a shortage of workers with degrees and experience in the computer sciences. From startups to established tech firms, companies can’t find enough qualified IT workers for their needs, said Brendan King, chief executive of King & Bishop Inc., a Waltham recruiting company.

Nearly one in five Massachusetts residents had their personal or financial information stolen in data breaches last year, a figure driven by a massive data theft at Target Corp. stores, according to a state report set for release Thursday, as cybercrime becomes more frequent, sophisticated, and malicious.

The Greater Boston area ranks second in the nation in tech employment and fourth in tech-related venture capital funding among major U.S. markets, according to a report released Friday from commercial real estate firm Jones Lang Lasalle.

Rumors of a data breach at a major New York bank started circulating more than a week ago in cybersecurity circles. So for insiders, news that JPMorgan Chase had been victimized was more confirmation than revelation, the latest headline from a digital crime wave that shows no sign of ebbing.

A number of United States banks, including JPMorgan Chase and at least four others, were struck by hackers in a series of coordinated attacks this month, according to four people briefed on a continuing investigation into the crimes.

A global watchdog has sounded the alarm about the growing danger of cyber attacks on financial markets, warning that companies and regulators around the world need to address the “uneven” response to the threat of online assaults.

More than 1,000 American businesses have been affected by the cyberattack that hit the in-store cash register systems at Target, Supervalu and most recently UPS Stores, the Department of Homeland Security said in an advisory released on Friday.

A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses, security researchers say.

Big data is about more than big numbers. Meet Fortune’s first class of Big Data All-Stars: 20 extraordinary people who we think are the best at connecting the dots, digging deep, and discovering the information that will transform the way businesses operate.

In response to a shortage of cyber professionals in the U.S., the National Security Administration is reaching out to a younger crowd: college students.
Beginning in 2012, the NSA started its National Centers of Academic Excellence in Cyber Operations Program at select universities across the nation to attract students to the field.

Chief information security officers have one of the toughest jobs in the business world: They must stay one step ahead of criminal masterminds in Moscow and military hackers in Shanghai, check off a growing list of compliance boxes and keep close tabs on leaky vendors and reckless employees who upload sensitive data to Dropbox accounts and unlocked iPhones.

According to the Identity Theft Resource Center, there have already been 395 data breaches in the U.S. this year that have been reported to regulators or covered by media outlets, a 21 percent increase over the same period last year.

The industrial control systems of hundreds of European and US energy companies have been infected by a sophisticated cyber weapon operated by a state-backed group with apparent ties to Russia, according to a leading US online security group.

CRITs has already established itself as a key tool in active defense. The Advanced Cyber Security Center (ACSC)—a non-profit consortium, comprised of 27 New England area industry, university, and government organizations, established to address the most advanced cyber threats—leverages CRITs to share threat intelligence among its members.

Organized by the Advanced Cyber Security Center (ACSC) and hosted by leaders at Hanscom, the event fostered vigorous discussion about the most efficient and secure ways to store and protect critical data and systems.

The Commonwealth of Massachusetts through the Executive Office of Public Safety and Security, Massachusetts Army National Guard, the Information Technology Division and the University of Massachusetts are members of the Advanced Cyber Security Center. The center is a nonprofit consortium that brings together industry, university and government partners to address the most advanced cyber threats.

In the Obama administration’s most direct confrontation with China over its theft of corporate secrets, the Justice Department on Monday unsealed an indictment of five members of the Chinese People’s Liberation Army and charged them with hacking into the networks of Westinghouse Electric, the United States Steel Corporation and other companies.

Target Corp. announced today that CEO Gregg Steinhafel has stepped down from his position, effective immediately, less than five months after it was discovered the retail giant had been struck by a massive data breach.

The White House, hoping to move the national debate over privacy beyond the National Security Agency’s surveillance activities to the practices of companies like Google and Facebook, released a long-anticipated report on Thursday that recommends developing government limits on how private companies make use of the torrent of information they gather from their customers online.

Congressman Derek Kilmer (WA-6) and Congresswoman Niki Tsongas (MA-3) announced today they will introduce legislation to make the Department of Defense information technology systems stronger, more efficient and more secure.

Non-profit information sharing organizations such as Boston’s Advanced Cybersecurity Center, the Bay Area Security Council, and ChicagoFirst have shown value in building smaller trust networks across sectors in metropolitan areas. And many for-profit information sharing organizations are also stepping into the game.

The word “Heartbleed” meant nothing at the start of the week. Today it is one of the hottest topics on the Internet — a simple security bug in an obscure piece of software that could compromise the personal information of millions.

Federal officials and IT-security industry executives are worried that more attacks like the Bit9 hack could be coming soon. They say cyber attacks are posing an increasing threat to small and midsized firms.

A growing number of big corporate clients are demanding that their law firms take more steps to guard against online intrusions that could compromise sensitive information as global concerns about hacker threats mount.

Allied Minds, Inc., a Boston technology capital investment firm that funds early-stage technologies from U.S. national labs, has partnered with The MITRE Corp., a not-for-profit organization that operates six federally funded research labs, with the aim of commercializing technologies, starting those in the cyber and mobile security field.

Despite rising anxiety over the possibility of a cyberattack on the power grid, the industry and government are not set up well to counter the threat, according to a report produced by leading energy security experts.

The administration selected the Massachusetts Institute of Technology to help it understand the privacy implications of big data, in which computers — deep inside the NSA or in the offices of Amazon.com Inc. — analyze massive collections of personal information to either uncover potential terror threats or figure out shopping habits.

A cyber criminal ring targeting small retailers in 11 countries stole data on 49,000 payment cards using a malicious software known as "ChewBacca" before the operation was shut down, according to a cyber research firm.

Akamai Technologies, Inc. (NASDAQ: AKAM), the leading provider of cloud services for delivering, optimizing and securing online content and business applications, today released its Third Quarter, 2013 State of the Internet Report.

A report released last summer by the Massachusetts Biotechnology Council listed the state as the leading biotechnology cluster in the world, with more than 56,000 jobs — over half in research — and 1,174 drugs under development.

In a deal that may have broad repercussions for companies and governments fending off sophisticated hackers and state-sponsored digital attacks, FireEye, a provider of security software, has acquired Mandiant, a company known for emergency responses to computer network breaches.

Better cybersecurity information sharing has long been a priority for the security industry, but significant hurdles have always halted the progress of sharing initiatives. At the annual ACSC conference, security leaders from government, education and private industry made another attempt at cracking the info-sharing chestnut.

Caulfield was speaking about the Advanced Cyber Security Center (ACSC) which hosted its annual conference at the Fed here Tuesday. The ACSC is a cross-sector group of more than 30 public and private sector security officers who meet monthly to facilitate information sharing.

A bad guy turned good is a valuable asset, and Governor Deval Patrick is looking for people like Red to help nab cyber criminals — except he’s hoping they’ll skip the years of real lawbreaking and just practice hacking legally through the Governor’s Cyber Aces Championship.

The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.

The Board of Directors of the Advanced Cyber Security Center (ACSC), a non-profit consortium bringing together industry, university, and government partners to address the most advanced cyber threats, has concluded a comprehensive, six-month search by selecting Charlie Benway as the ACSC’s new executive director effective immediately.

EARLY WARNING: James Caufield of the Advanced Cyber Security Center in Boston speaks at the National Association of State Auditors, Comptrollers and Treasurers’ annual conference at the World Trade Center yesterday.

A US court has charged four Russians and a Ukrainian for stealing more than 160 million credit card numbers, which the prosecution says has resulted in hundreds of millions of dollars in losses for major corporations worldwide.

The cost of cyberespionage and cybercrime to the U.S. may reach $100 billion a year, according to a study to be released Monday, casting doubt on earlier estimates that the costs were as much as 10 times higher.

America’s research universities, among the most open and robust centers of information exchange in the world, are increasingly coming under cyberattack, most of it thought to be from China, with millions of hacking attempts weekly.

Worries over medical-device cybersecurity have largely focused on plugged-in equipment primarily used in hospitals, such as computed tomography scanners and heart monitors that are vulnerable to viruses traveling across medical networks.

With every phone call they make and every Web excursion they take, people are leaving a digital trail of revealing data that can be tracked by profit-seeking companies and terrorist-hunting government officials.

The US Department of Homeland Security needs to use its authority to incentivize and enable the creation of trusted federations of companies, like the Advanced Cyber Security Center in Massachusetts, that share cyberthreat information and best practices for cyberprotection.

U.S. banks urged the Federal Reserve to take the lead in defending the financial services industry from cyber attacks by working with federal counterterrorism, intelligence and law enforcement agencies, documents show.

Chinese cyberspies are stealing businesses’ trade secrets. Iranian hackers are targeting U.S. banks. And the federal government is grappling with cyber espionage almost daily — even as it’s spending more than ever to stop it.

The Obama administration plans to boost U.S. spending on computer network security, including a 21 percent increase at the Pentagon, after reports of rising cyber attacks and electronic theft of secrets linked to China.

With China hacking the US, the US hacking China, and LinkedIn and Facebook and credit card companies and Google and who knows who else all vomiting our data all over the web, I was intrigued when a new report on data loss ran across my desk from auditing firm KPMG.

David Luzzi, executive director of Northeastern University's Strategic Security Initiative, adds logical reasoning and the ability to inspect ideas as important skills to build on the foundation of excellent verbal and written communication skills.

When the Soviet Union launched the first satellite in 1957, it set off an intellectual arms race that led to more than $1 billion of federal investment in science education. Within a decade, Americans were sending their own expeditions to outer space.

At the quarterly update and dinner, WCX will provide a progress report on its efforts to collaborate with the Advanced Cyber Security Center in Boston. The two organizations have teamed up to increase local and national resilience to threats from cyber attacks.

Pat Falcone, Associate Director, National Security & International Affairs Division at the White House OSTP singled out the ACSC as the "most impressive" and one of the best models she has seen for bringing together regional entities around the topic of cyber security.

The ACSC is pleased to announce the submission of the proposal entitled, Cybersecurity Risk Analysis based on Financial Engineering and Big-Data Analytics (CRAFA), led by the University of Massachusetts Amherst, represented by PIs Wayne Burleson, Anna Nagurney, Mila Getmansky, Senay Solak, Yanlei Diao, and the Massachusetts Institute of Technology, represented by PI Andrew Lo.

The Advanced Cyber Security Center — a New England consortium of university, industry, and government leaders focused on meeting cyber security challenges — this month named University of Massachusetts Amherst PhD student Georg T. Becker as the winner of its "Best Cyber Security Solution" competition.

“The development of a science of cybersecurity could take decades,” Fred B. Schneider, the Samuel B. Eckert professor of computer science at Cornell University and a Pentagon adviser, wrote recently in “The Next Wave,” a nonclassified publication of the National Security Agency. “The sooner we get started, the sooner we will have the basis for a principled set of solutions to the cybersecurity challenge before us.”

The Advanced Cyber Security Center (ACSC), New England’s premier consortium of university, industry, and government leaders collaboratively facing cyber security challenges, has named Georg T. Becker of University of Massachusetts Amherst as the winner of its Best Cyber Security Solution.

While some industry groups such as the Financial Services Information Sharing and Analysis Center (FS-ISAC) and cross-industry groups such as the Advanced Cyber Security Center (ACSC) facilitate the exchange of threat information, for the most part organizations are still hamstrung by legal constraints and other business factors that prevent an adequate flow of actionable information.

More than 250 leaders from industry, academia, and government joined Gregory Bialecki, Secretary of The Massachusetts Executive Office of Housing and Economic Development today to welcome Dr. Steven King from the U.S. Department of Defense and Scott Tousley from the U.S. Department of Homeland Security for the Advanced Cyber Security Center Annual Conference: Organizing Public-Private Assets to Solve Grand Challenges at the Federal Reserve Bank of Boston.

Security attacks often arrive unannounced, but a well-established security plan and implementation can help mitigate these often costly situations. A recent discussion I had on the IBM for Midsize Businesses group on LinkedIn, however, aimed to offer midsize business leaders guidance on how to protect their business, and their data.

Dr. Shrobe argues that because the industry is now in a fundamental transition from desktop to mobile systems, it is a good time to completely rethink computing. But among the biggest challenges is the monoculture of the computer “ecosystem” of desktop, servers and networks, he said.

The attack, intelligence officials say, was a wake-up call. “It proved you don’t have to be sophisticated to do a lot of damage,” said Richard A. Clarke, the former counterterrorism official at the National Security Council. “There are lots of targets in the U.S. where they could do the same thing. The attacks were intended to say: ‘If you mess with us, you can expect retaliation.’ ”

Defense Secretary Leon E. Panetta warned Thursday that the United States was facing the possibility of a “cyber-Pearl Harbor” and was increasingly vulnerable to foreign computer hackers who could dismantle the nation’s power grid, transportation system, financial networks and government.

As a proud partner of the U.S. Department of Homeland Security’s national cybersecurity awareness Stop.Think.Connect.™ Campaign, we are happy to announce the commencement of National Cyber Security Awareness Month (NCSAM) 2012.

Cyber attacks on the biggest U.S. banks, including JPMorgan Chase & Co. (JPM) and Wells Fargo (WFC) & Co., have breached some of the nation’s most advanced computer defenses and exposed the vulnerability of its infrastructure, said cybersecurity specialists tracking the assaults.

The ACSC is somewhat unique. It's been forming for 3 years, and it brings together security experts from area nonprofits, universities and financial services companies — places like Fidelity, John Hancock and State Street Bank.

The same team that attacked Google in the Aurora campaign in 2009 is still active and has been conducting a long-term campaign targeting defense contractors, financial services companies, energy companies, human rights organizations and government agencies using a seemingly inexhaustible supply of zero day vulnerabilities.

IT security is emerging as one of the Boston area’s commercial technology specialties, with six fast-growing security software firms in the region saying they are eyeing an initial public offering of stock in the next several years.

Despite well-publicized data thefts in recent years, major US companies are as vulnerable as ever to hacker attacks, and many executives say their businesses lack the resources to protect themselves, according to a report from the Waltham-based computer security company CounterTack Inc.

A blackout in Manhattan. A major dam failure. Mayhem at a chemical plant. Those are all potential, and entirely plausible, consequences of a cyber attack, according to a range of current and former national security officials, including the top American commander in charge of cyber security.